Hi,

there was recently an xml-dev thread about security problems allowing arbitrary XML in protocols (see for instance [1]).

As WebDAV doesn't need resolution of external entities / DTD validation, I'd suggest to specify that servers and clients MUST NOT resolve external entities, that is, MUST reject any WebDAV protocol message that contains external entities.

Feedback appreciated.

[1] <http://lists.xml.org/archives/xml-dev/200206/msg00247.html>

Received on Wednesday, 19 June 2002 03:31:55 GMT
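
One way to enforce the rejection proposed in the message above, as an added example that is not part of the original post: Python's standard-library expat bindings with handlers that abort parsing as soon as a body declares an external DTD subset or an external entity. The function names, the exception class and the sample bodies are constructed for illustration.

```python
import xml.parsers.expat

class ExternalEntityRejected(ValueError):
    """Raised when a message body declares or references an external entity."""

def parse_webdav_body(data: bytes) -> list:
    """Return the element names of a request body, refusing external entities."""
    names = []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def start_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE x SYSTEM "..."> points at an external DTD subset.
        if system_id is not None or public_id is not None:
            raise ExternalEntityRejected("external DTD subset: %r" % system_id)

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones carry identifiers.
        if system_id is not None or public_id is not None:
            raise ExternalEntityRejected("external entity declared: %r" % name)

    def external_ref(context, base, system_id, public_id):
        # Backstop: never hand an external reference to a resolver.
        raise ExternalEntityRejected("external reference: %r" % system_id)

    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return names

def is_acceptable(data: bytes) -> bool:
    """True if the body is well-formed and free of external entities."""
    try:
        parse_webdav_body(data)
        return True
    except (ExternalEntityRejected, xml.parsers.expat.ExpatError):
        return False

# Constructed sample bodies (not taken from the thread).
PROLOG = b'<?xml version="1.0" encoding="utf-8"?>\n'
GOOD = PROLOG + (b'<D:propfind xmlns:D="DAV:"><D:prop>'
                 b'<D:getcontentlength/></D:prop></D:propfind>')
EXT_ENTITY = PROLOG + (
    b'<!DOCTYPE propfind [<!ENTITY e SYSTEM "http://example.invalid/e.xml">]>\n'
    b'<D:propfind xmlns:D="DAV:"><D:prop>&e;</D:prop></D:propfind>')
EXT_DTD = PROLOG + (b'<!DOCTYPE propfind SYSTEM "http://example.invalid/p.dtd">\n'
                    b'<D:propfind xmlns:D="DAV:"><D:allprop/></D:propfind>')
```

The check runs during parsing, so a rejected body is refused before any element content is processed and nothing is ever fetched.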